Commit Graph

7469 Commits

Author SHA1 Message Date
Johann Behr
ea5c7b3bfd
Update deploy/charts/cert-manager/values.yaml
Co-authored-by: Maël Valais <mael@vls.dev>
Signed-off-by: Johann Behr <24767736+ExNG@users.noreply.github.com>
2023-02-10 14:43:06 +01:00
Johann Behr
d9a68bee40
Add 6443/TCP to webhook egress NetworkPolicy
Signed-off-by: Johann Behr <j.behr@avm.de>
2023-02-09 11:46:15 +01:00
jetstack-bot
57113668e0
Merge pull request #5776 from maelvls/test-vault-validation
Vault: add unit tests for the controller-side validation of the Vault Issuer
2023-02-06 13:39:08 +00:00
jetstack-bot
dadaf0eb1e
Merge pull request #5781 from maelvls/kubuilder-version-fix
make: the kubebuilder 1.26.0 hash for linux/amd64 changed
2023-02-06 11:52:07 +00:00
Maël Valais
8ff6355d94 make: the kubebuilder 1.26.0 hash for linux/amd64 changed
Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-06 12:08:03 +01:00
Maël Valais
15748767ef vault: add unit tests around Setup
Signed-off-by: Maël Valais <mael@vls.dev>
2023-02-03 16:27:52 +01:00
jetstack-bot
7ab1461674
Merge pull request #5764 from irbekrm/cainjector_filter_injectables
Cainjector: only reconcile annotated injectables
2023-02-01 11:41:49 +00:00
irbekrm
74b258c3be Code review feedback
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-02-01 08:53:27 +00:00
jetstack-bot
f790109300
Merge pull request #5754 from wallrj/no-auto-mount-service-account
Disable auto mount service account token in the ACME HTTP01 pod
2023-01-31 15:21:49 +00:00
Richard Wall
17ae96cf80 Make the best-practice configuration optional in E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-31 14:09:37 +00:00
irbekrm
7e4dea1c2e Clarify the error message when secret annotation is missing namespace prefix
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-31 11:12:31 +00:00
irbekrm
24040c4989 Ensure that updates to injectables are caught
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-31 10:49:56 +00:00
irbekrm
a174f0faa4 Filter injectables that trigger reconciles
Only trigger reconciles for events on injectable types that are annotated, not random unrelated resources

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-30 11:27:15 +00:00
irbekrm
7a5c71a1ed Cleanup, better comments
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-30 11:26:07 +00:00
jetstack-bot
8444b9c101
Merge pull request #5758 from SgtCoDFish/bumpbase
Bump base images to latest
2023-01-30 08:39:39 +00:00
Ashley Davis
78018402fe
bump base images to latest
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
2023-01-27 15:15:09 +00:00
Richard Wall
e727df6c1d Disable automountServiceAccountToken in the ACME HTTP01 solver Pod
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-26 17:22:42 +00:00
Richard Wall
a0683195f9 Add a secure-defaults Helm chart values file and use it in E2E tests
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-26 17:22:42 +00:00
Richard Wall
18990707a4 Use the restrict automount sa token policy
https://kyverno.io/policies/other/restrict_automount_sa_token/restrict_automount_sa_token/

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-25 21:53:57 +00:00
Richard Wall
45eeb4acd3 Regenerate existing policy file
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-25 20:13:02 +00:00
jetstack-bot
9f7a4053ab
Merge pull request #5746 from irbekrm/cainjector_remove_duplicate_cache
Remove the double cache mechanism for cainjector
2023-01-25 15:05:57 +00:00
jetstack-bot
57c790e368
Merge pull request #5748 from wallrj/revert-954eb0d
Revert "automount service account tokens off by default"
2023-01-24 18:04:08 +00:00
Richard Wall
24cbfc7ba8 Revert "automount service account tokens off by default"
This reverts commit 954eb0d875.

Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-24 17:19:52 +00:00
Richard Wall
954eb0d875 automount service account tokens off by default
Signed-off-by: Richard Wall <richard.wall@jetstack.io>
2023-01-24 17:00:11 +00:00
irbekrm
3aba8ed32d Makes cainjector Certificate watch optional
Configurable via a flag, true by default

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-24 13:52:45 +00:00
jetstack-bot
b048552bac
Merge pull request #5744 from cert-manager/cleanup_certificate_stuff
Move and rename Certificate util functions
2023-01-24 10:34:44 +00:00
jetstack-bot
be017fafa1
Merge pull request #5668 from waterfoul/volumes
Added the ability to set volumes and volumeMounts to all pods via helm
2023-01-24 09:23:44 +00:00
Tim Ramlot
3978597320
Cleaning up a checks
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-24 09:50:56 +01:00
Aaron Aichlmayr
1d7e360ea4
Cleaning up a check
Co-authored-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Aaron Aichlmayr <waterfoul@gmail.com>
2023-01-23 16:36:01 -06:00
irbekrm
4776597cb4 Remove the double cache mechanism for cainjector
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-23 17:38:46 +00:00
Tim Ramlot
191e7ca305
add (deprecated) stub functions
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:26:37 +01:00
Tim Ramlot
23de5240e9
move utility functions to reduce fragmentation and rename functions for consistency
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
2023-01-23 13:19:39 +01:00
jetstack-bot
1038ca4494
Merge pull request #4502 from ctrought/master
support subject and email annotations for ingress/gateway
2023-01-20 14:35:37 +00:00
ctrought
575e3155c2 fix: goimports
Signed-off-by: ctrought <k8s@trought.ca>
2023-01-19 14:57:10 -05:00
jetstack-bot
c08b337cf7
Merge pull request #5736 from irbekrm/webhook_solver_conformance_bugfix
Webhook solver conformance bugfix
2023-01-19 13:44:03 +00:00
irbekrm
438c79d4e3 Code review feedback: fix imports
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-19 12:05:56 +00:00
irbekrm
644a46c8fe Resets secrets lister in RFC2136 conformance tests
The way the tests run (a new kube apiserver with a different client created for the same initialized solver) is not how this solver would actually run

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:43:34 +00:00
irbekrm
216b60e98b RFC2136 solver has an init option to reset secrets lister
Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:51 +00:00
irbekrm
1834afaa00 A bunch of comments on webhook solver functionality
With the goal of making folks working on these parts of code be aware that this is the one bit that will be imported in external projects

Signed-off-by: irbekrm <irbekrm@gmail.com>
2023-01-18 17:41:02 +00:00
jetstack-bot
d5125b55ce
Merge pull request #5722 from james-callahan/container-label
Add org.opencontainers.image.source OCI label to containers
2023-01-18 11:31:58 +00:00
jetstack-bot
ece47eb66f
Merge pull request #5724 from g-gaston/bump-keystore-go-4-4-1
Bump keystore-go to v4.4.1
2023-01-17 13:08:00 +00:00
jetstack-bot
a6e00a8623
Merge pull request #5711 from lucacome/bump-deps
Bump dependencies
2023-01-17 11:51:00 +00:00
Aaron Aichlmayr
b967232e7b
Fixed a few indents
Signed-off-by: Aaron Aichlmayr <aaichlmayr@conquestcyber.com>
2023-01-16 10:29:11 -06:00
Aaron Aichlmayr
0ce3553e7f
Adding the ability to set volumes and volumeMounts to all pods
Signed-off-by: Aaron Aichlmayr <aaichlmayr@conquestcyber.com>
2023-01-16 10:29:11 -06:00
jetstack-bot
3115953b02
Merge pull request #5614 from jkroepke/dns-extra-args
helm: expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
2023-01-16 09:26:29 +00:00
Jan-Otto Kröpke
b952058775
[helm] expose enable-certificate-owner-ref and -dns01-recursive-nameservers as helm value
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
2023-01-14 15:16:16 +01:00
Guillermo Gaston
7528760e65 Bump keystore-go to v4.4.1
This version points to the same commit as v4.4.0, so there is no actual
code change. However, trying to build cert-manager with v4.4.0 errors
out due to a checksum mismatch. Bumping to the new tag solved the
issue.

Signed-off-by: Guillermo Gaston <gaslor@amazon.com>
2023-01-13 20:39:30 +00:00
Luca Comellini
98ce5936ec
Update Helm and Kubebuilder
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
7e5cd34341
Update Cloudflare ListDNSRecords
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:41 -08:00
Luca Comellini
85ca8e0444
Bump dependencies
Signed-off-by: Luca Comellini <luca.com@gmail.com>
2023-01-13 09:55:27 -08:00